Fluid Attacks Database

Description

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	shim	=15.4-7 \|\| =15.6-1 \|\| =15.6-1~deb10u1 \|\| =15.6-1~deb11u1 \|\| =15.7-1 \|\| =15.7-1~deb10u1 \|\| =15.7-1~deb11u1 \|\| =15.8-1~deb10u1 \|\| >=0 <15.8-1~deb11u1	15.8-1~deb11u1
debian 12	shim	=15.7-1 \|\| =15.8-1~deb10u1 \|\| =15.8-1~deb11u1 \|\| >=0 <15.8-1~deb12u1	15.8-1~deb12u1
debian 13	shim	>=0 <15.8-1	15.8-1
debian 14	shim	>=0 <15.8-1	15.8-1
rpm rhel7	shim	<0:15.8-3.el7	0:15.8-3.el7
rpm rhel8.8	shim	<0:15.8-2.el8	0:15.8-2.el8
rpm rhel9.0	shim-unsigned-aarch64	<0:15.8-2.el9	0:15.8-2.el9
rpm rhel8	shim	<0:15.8-4.el8_9	0:15.8-4.el8_9
rpm rhel8.6	shim	<0:15.8-2.el8_6	0:15.8-2.el8_6
rpm rhel9	shim	<0:15.8-4.el9_3	0:15.8-4.el9_3

1-10 of 15

Aliases

1. CVE-2023-405502. NVD-2023-405503. OSV-DEBIAN-2023-405504. OSV-2023-405505. SECURITY-TRACKER-CVE-2023-40550

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.